System and method for securing digital messages

ABSTRACT

A system and method for providing an improved way to secure messages being transmitted between communicating devices. Security mechanisms, operating below the session establishment level, provide encryption that becomes stronger over time as devices continue to communicate. After random characters are used to encrypt an initial message, each new message communicated between two devices is encrypted with the most recent message communicated there-between. Moreover, messages to be transmitted are parsed into smaller records having a fixed page length, encrypted and combined with additional encrypted records a predetermined number of times. The disclosed system and method also provide a multi-threading capability, thereby reducing the likelihood of a denial of service attack.

FIELD OF THE INVENTION

[0001] The present invention relates to network data communications, and more particularly to ensuring that a message intercepted by an unauthorized party is unintelligible to that party.

BACKGROUND OF THE INVENTION

[0002] The proliferation of users and services on global computer networks such as the Internet raises security concerns for both users and service providers. Users want the data they submit to providers and the data they receive from providers to be free from unauthorized interception and use. Similarly, service providers want their hosts and systems secured from unauthorized access and intrusion by “hackers.” Service providers, especially those involved with financial services, view their computing hardware and software as critical assets. These service providers rely on the trust of their customers, who assume that no one will be able to access customer records or otherwise negatively impact the service.

[0003] Prior on-line services used dedicated dial-up facilities, and customized security software on the user's terminal and the host system to prevent unauthorized access. In practice, users were forced to access the service provider's system by dialing a special telephone number. Transmitted data was secured by encryption, and incoming dial-up calls were only accepted from authorized users. Security software was also implemented on the provider's host system. This became very inefficient and cumbersome as users began to subscribe to multiple on-line services.

[0004] Global computer networks such as the Internet allow users to access many different hosts and services from their computers via a single access connection. While this has enhanced users' abilities to access information and conduct business, global networking has complicated service providers' security mechanisms.

[0005] Security methods have been developed over time which enable the use of special security software on both a user's terminal and a host's system. For example, the Secure Sockets Layer (SSL) handshake protocol is used for client and host authentication. SSL employs encryption algorithms (“ciphers”), for example, RC4, RSA and digital signature, to encrypt messages with one or more additional bytes that are passed between communicating devices. SSL is application independent, negotiates encryption keys and authenticates the communicating devices prior to allowing communications. Thus, it facilitates secure data transmission between a user and a host, and provides a reasonable assurance that messages transmitted to and from intended devices are free from unauthorized interception.

[0006] While prior art encryption methods assure secure communication sessions, the level of security associated therewith remains within a single state. The methods are static in that the keys that are used to encrypt and decrypt the messages remain the same during a single communication session. Moreover, modulus encryption techniques can be slow, and coupled with the generation and passing of keys between respective devices, significant performance degradation can occur, especially when multiplied many times over for a plurality of users.

[0007] A key goal of encryption algorithms in general is the preservation of confidentiality of messages being transmitted between parties. After completing an SSL handshake, a user terminal and a host system use the session keys passed between them to encrypt and decrypt data that are being transmitted.

[0008] Prior art ciphers are designed to protect against a security attack known as a “man in the middle” attack. Such an attack comprises an unauthorized party eavesdropping on a communication, for example, by intercepting messages passed between a sender device 12 and a receiver device 14 (FIG. 1). The unauthorized party intercepts and accesses the messages transmitted between the sender device 12 and receiver device 14, and is, thereafter, able to engage in unauthorized activity, for example, accessing the devices, and using the information in the communications for unauthorized purposes. Moreover, an unauthorized party intercepting communications between a sender device 12 and receiver device 14 can substitute keys that are sent back and forth between the respective devices and fool the devices into believing they are communicating with each other. Although prior art authentication measures minimize the likelihood of a man in the middle attack, the security of the messages is not guaranteed.

[0009] It is, therefore, desirable to provide an efficient system for securing a communication session such that a message intercepted by an unauthorized party cannot be deciphered.

SUMMARY OF THE INVENTION

[0010] The present invention provides an improved way to secure messages being transmitted between communicating devices.

[0011] At the outset of a communication session, a first device receives encoding information from a second device. The encoding information is used to encrypt a message sent from the second device to the first device, and, once encrypted, the encrypted message is stored in a first memory. Thereafter, the encrypted message is transmitted to the first device.

[0012] After the encrypted message is received by the first device, the first device decrypts the message using the encoding information initially transmitted to the second device. The first device also stores the encrypted message in a second memory.

[0013] Thereafter, a second message is generated by the second device, and the second message is also encrypted prior to being transmitted. The second device uses the first encrypted message that is stored in the first memory to encrypt the second message. The second encrypted message is transmitted to the first device, and the first device references the second memory, retrieves the stored encrypted first message, and uses it to decrypt the second encrypted message.

[0014] Each subsequent communication between the respective first and second devices builds on prior communicated messages for encryption of the messages.

[0015] Other features and advantages of the present invention will become apparent from the following description of the invention, which refers to the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0016] For the purpose of illustrating the invention, there is shown in the drawings a form which is presently preferred, it being understood, however, that the invention is not limited to the precise arrangement shown, in which:

[0017] FIG. 1 is a diagram of a prior art security hardware arrangement;

[0018] FIG. 2 is a diagram of the security hardware arrangement of the present invention;

[0019] FIG. 3 is a high level flowchart showing the relationship of the modules of the present invention;

[0020] FIGS. 4A-4C are detailed flowcharts depicting an example send process of the present invention; and

[0021] FIG. 5 is a detailed flowchart of an example receive process of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

[0022] The present invention provides a system and method which allows devices to secure messages transmitted between each other across a communication network. In accordance with the present invention, security mechanisms are employed which operate “below” the session establishment level in a manner which is transparent to the user. The security system of the present invention is protocol independent, and operates on devices employing virtually any communication protocol, including, for example, TCP/IP, UDP, and IPX/SPX.

[0023] The present invention presents an improvement over prior art security mechanisms, including ciphers typically implemented by SSL, including digital signature, RSA and RC4. Such traditional techniques, known as modulus encryption methods, require a hash to be generated in which each communication session has a single key generated therefor, and after the session terminates, the key is lost. Moreover, even with the use of public and private key encryption methods, transmission of messages between devices is not guaranteed to be secure. For example, by performing a brute force attack, perhaps via concurrent operating devices, keys can be deciphered and the contents of a message thereafter deciphered. In accordance with the present invention, even a brute force attack performed on an intercepted message would not reveal the contents therein, due to the nature of the encryption method employed.

[0024] In accordance with the present invention, communication sessions between respective devices are stored in a memory, for example, a data cache directed to each respective device, for reference in future communication sessions. The encryption system of the present invention is much stronger than prior art methods because the encrypted messages become increasingly secure as respective devices continue to communicate over time. Since message content changes over time and becomes an integral part of the encryption process, decryption of the messages by unauthorized devices becomes increasingly difficult.

[0025] Referring to the drawing figures, in which like reference designators refer to like elements, there is shown in FIG. 1 an example of a typical prior art security hardware arrangement. In the example shown, a sender device 12 communicates with a receiver device 14 over communication network 16. Communication network 16 can be a local area network (LAN), a wide area network (WAN), or a global communication network such as the Internet. To exemplify prior art security mechanisms, a firewall is interposed between the sender system 12 and the communication network 16. Moreover, a proxy server is interposed between receiver system 14 and communication network 16.

[0026] Sender device 12 and receiver device 14 are typical devices suitable for performing the functions required of host and client systems, respectively. For example, each receiver system 14 can be a personal computer, a hand-held computer device capable of accessing a communication network, or a cellular telephone. Each sender device 12 can range in size and capability from a cellular telephone to a mainframe computer, and is sized according to the service provider's particular requirements. The computing hardware platforms for the sender device 12 and receiver device 14 need not contain any special operating system enhancements in order to function in their respective capacities. However, sender device 12 and receiver device 14 do contain special software which enables these devices to function as integral parts of the present invention. These control programs running on the respective devices can be written in any language suitable for programming, for example, C++ or Java. Moreover, in a preferred embodiment of the present invention, messages are formatted in the extensible mark-up language (“XML”) and transmitted to and from the respective devices.

[0027] FIG. 2 shows an example hardware and software arrangement in accordance with the present invention. Most notably, security module system 10 is coupled to the respective sender devices 12 and receiver devices 14, and operates to secure the messages transmitted and received by the respective devices. Although not shown in FIG. 2, prior art hardware devices, including firewalls and proxy servers, remain fully functional, notwithstanding the employment of security system 10 on each communicating device.

[0028] As the use of the Transmission Control Protocol/Internet Protocol (“TCP/IP”) has proliferated throughout the world as the most accepted digital communications protocol, interference with messages passed between sending and receiving devices remains a serious problem. Interference, for example, eavesdropping (unauthorized monitoring of communications) and tampering (changing or replacing information in messages), has led to the development of encryption methods, including, for example, digital signature and RC4. As noted above, SSL takes advantage of public-key cryptography to enable encryption and decryption of messages, reduce tampering, authenticate users, and confirm that messages are delivered successfully.

[0029] The present invention, using the processes described herein, greatly reduces the likelihood that a man in the middle attack will successfully result in the intercepting party being able to decode the message and retrieve the information transmitted therein.

[0030] A description of the processes and functions associated with securing messages in accordance with the present invention now follows.

[0031] In a preferred embodiment, large messages that are transmitted from the receiver device 14 to the sender device 12 are split into smaller, fixed page length records, and the records are combined a predetermined number of times before being transmitted. For example, a message of 1,000 bytes is parsed into ten 100 byte records, and the first five of the 100 byte records are combined and transmitted to the sender device 12, and then the second five 100 byte records are combined and transmitted. Each record is preferably encrypted according to the processes described below, prior to being combined and transmitted. Small messages are padded with random bytes, if necessary, to reach the predefined, fixed page length.

[0032] After a request for a communication session is received by a sender device 12, the sender device 12 responds with a message that includes parameters for securing messages via the present invention. Parameters are transmitted to the receiver device 14 that include a minimum and maximum page length for all messages transmitted between the devices.

[0033] For example, the sender device 12 defines a minimum page length of 64 bytes and a maximum page length of 1,024 bytes, which are applied to the above-described records. After receiving these parameters, the receiver device 14 evaluates the length of each message that is to be sent to the sender device 12 and determines an appropriate page length therefor. Continuing with the present example, a message that is 24 bytes in length would have the minimum page length setting applied thereto. In such case, the message is padded with forty bytes of random information to conform to the appropriate minimum page length setting. Alternatively, a message comprising 2,000 bytes would have the maximum page length value applied thereto, and the message would be parsed into two records: one record would comprise the first 1,024 bytes of the message, and the second record would comprise the last 976 bytes of the message, plus forty-eight bytes of random information appended thereto to comply with the maximum page length requirement.

[0034] The employment of minimum and maximum page length settings ensures efficient transmissions between the communicating devices. If only a single message page length is employed, for example, of 1,024 bytes, then, for example, a message of 24 bytes would have to be padded to reach a length of 1,024 bytes and would result in an inefficient use of resources. Similarly, if a single message page length of 64 bytes is used for message transmissions, then a message comprising 1,000 bytes would have to be parsed sixteen times into smaller message files in order to conform to a fixed 64 byte message length and would also be very inefficient. Therefore, the fixed page length employed for messages sent between the sender device 12 and receiver device 14 is dependent upon the size of the message to be transmitted.
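As an added worked example (not part of the patent text), the following Python models the page length selection and padding of [0031] through [0034] with the 64 and 1,024 byte parameters above. The rule applied to messages that lie between the two limits, the use of secrets.token_bytes as the random pad source, and the receiving side's knowledge of the original message length (needed to strip the pad) are assumptions of this example; the text does not specify them.

```python
import secrets


def choose_page_length(message_len: int, min_page: int, max_page: int) -> int:
    """Return the fixed page length applied to one message.

    The text only gives the two end cases (24 bytes -> 64, 2,000 bytes ->
    1,024); treating anything larger than the minimum page as a maximum
    page message is an assumption of this example.
    """
    if min_page <= 0 or max_page < min_page:
        raise ValueError("invalid page length parameters")
    return min_page if message_len <= min_page else max_page


def pad_bytes_needed(message_len: int, min_page: int, max_page: int) -> int:
    """Number of random pad bytes appended so that the last record is full."""
    page = choose_page_length(message_len, min_page, max_page)
    return (-message_len) % page


def split_into_records(message: bytes, min_page: int, max_page: int):
    """Parse a message into fixed-length records, padding the last one.

    Returns (page_length, records). The pad is random, as in [0031];
    secrets.token_bytes is this example's choice of source.
    """
    page = choose_page_length(len(message), min_page, max_page)
    records = []
    # max(len, 1) so that an empty message still yields one (all-pad) record
    for start in range(0, max(len(message), 1), page):
        chunk = message[start:start + page]
        if len(chunk) < page:
            chunk += secrets.token_bytes(page - len(chunk))
        records.append(chunk)
    return page, records


def join_records(records, page: int, original_len: int) -> bytes:
    """Receiving side: check that every record has the agreed page length,
    concatenate, and strip the pad. Knowing original_len is an assumption
    of this example; the text says only that the pad bytes are removed."""
    if any(len(r) != page for r in records):
        raise ValueError("record does not match the agreed page length")
    data = b"".join(records)
    if not 0 <= original_len <= len(data):
        raise ValueError("original length inconsistent with received records")
    return data[:original_len]


if __name__ == "__main__":
    for size in (24, 2000):                     # the two sizes used in [0033]
        page, recs = split_into_records(b"\xaa" * size, 64, 1024)
        print(size, "bytes ->", len(recs), "record(s) of", page,
              "bytes, pad", pad_bytes_needed(size, 64, 1024))
```

The length check in join_records is the receiving side's guard: a record of the wrong size means the two devices disagree about the page length parameter and the message should not be processed further.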

[0035] As noted above, the security of messages encrypted via the present invention increases as the sender device 12 and receiver device 14 communicate over time. This is achieved by storing the contents of messages passed between the sender device 12 and receiver device 14, for example, in a data cache, and thereafter, combining future messages with the cached messages. More particularly, the security system of the present invention applies binary addition to the message to be transmitted with the cached messages. The page length of the cached messages is fixed to a preset size, such that the length of the cached messages never extends past the fixed size. In this way, when a new message is combined using binary addition with the existing cached messages, the message becomes encrypted and extremely difficult to decipher, in part because the page length of the message is not variable.

[0036] To illustrate by way of example, a previous message stored in a data cache and represented in decimal format is equal to 99999. The fixed page length of the cached message is five bytes. A new message to be added thereto, also represented in decimal format, is equal to 1. A variable length message file, after the two messages are added, would equal 100000. However, since the message page length in the data cache is fixed to five bytes, the resulting sum is 00000 and would, therefore, be unintelligible to a party that unscrupulously captures the message in a man in the middle attack, as described above.
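The fixed-width arithmetic of [0035] and [0036], as an added Python example that is not part of the patent: the sum is reduced modulo base**width, so the carry out of the top position is discarded, which is what turns 99999 + 1 into 00000. The byte version treats a page as a big-endian integer (an assumption; the text says only “binary addition”), and the subtraction is the inverse that the receiving side applies in [0045].

```python
def add_fixed_digits(cache: str, message: str, width: int, base: int = 10) -> str:
    """Add two numbers written in `base`, keeping only `width` digits.

    Any carry out of the most significant position is discarded, so the
    result never grows past the fixed page length.
    """
    if not 2 <= base <= 16:
        raise ValueError("base must be between 2 and 16")
    total = (int(cache, base) + int(message, base)) % (base ** width)
    digits = "0123456789abcdef"
    out = []
    for _ in range(width):
        out.append(digits[total % base])
        total //= base
    return "".join(reversed(out))


def combine_page(cache: bytes, page: bytes) -> bytes:
    """Binary addition of a plaintext page onto the cached page.

    Both must already have the fixed page length; the sum is taken modulo
    256**len so that the encrypted page has that same length.
    """
    if len(cache) != len(page):
        raise ValueError("cache and page must share the fixed page length")
    n = len(page)
    total = (int.from_bytes(cache, "big") + int.from_bytes(page, "big")) % (256 ** n)
    return total.to_bytes(n, "big")


def uncombine_page(cache: bytes, encrypted: bytes) -> bytes:
    """Binary subtraction with the same cache recovers the plaintext page."""
    if len(cache) != len(encrypted):
        raise ValueError("cache and page must share the fixed page length")
    n = len(encrypted)
    total = (int.from_bytes(encrypted, "big") - int.from_bytes(cache, "big")) % (256 ** n)
    return total.to_bytes(n, "big")


if __name__ == "__main__":
    print(add_fixed_digits("99999", "1", 5))            # the page's example: 00000
    cache = b"\xff" * 5                                  # a constructed five-byte cached page
    enc = combine_page(cache, b"\x00\x00\x00\x00\x01")
    print(enc.hex(), uncombine_page(cache, enc).hex())
```

Note that the decimal form of the example and the byte form differ only in the modulus (10**5 versus 256**5); the discarded carry is the only thing that distinguishes this from ordinary addition, and the receiving side must use exactly the same cache contents for the subtraction to undo it.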

[0037] In addition to maximum and minimum page length settings, the sender device 12 also defines a parameter for the number of records to be combined prior to transmitting to the sender device 12. After messages are parsed into records having an appropriate fixed length, in the above example, 64 or 1,024 bytes, the records are then combined with messages stored in the data cache, as described above. However, the receiver device 14 does not yet transmit the records to the sender device 12. The receiver device 14 references the parameter defining the number of records to combine and, depending upon whether the end of the message has been reached, repeats the above-described process of parsing the message into records in accordance with the message length parameters, and encrypting the records by combining them with the stored data cache. The receiver device 14, thereafter, repeats the process again until the number of records to be combined equals the number of records to combine parameter as defined by the sender device 12. Once the number of records encrypted with the cache equals the number of records to combine parameter, the records are added together, preferably via binary arithmetic, and then transmitted.

[0038] For example, if the parameter defining the number of records to be combined prior to transmission is equal to ten, then the process repeats ten times, or until the end of the message has been reached. In this way, the security system of the present invention is very efficient. For example, a message consisting of 100,000 bytes and parsed into 5,000 byte records is not transmitted in twenty page segments. Instead, the 5,000 byte records are combined, according to the predefined parameter, and transmitted just a few times.

[0039] It is important to note that the sender device 12 also transmits a code that identifies itself to the receiver device 14. This code is used by the receiver device 14 to ensure that the sender device 12 is the source of the transmission, and not an unscrupulous hacker. When the receiver device 14 transmits encrypted messages to the sender device 12, it, too, appends an identifying code. Thus, the origin of the transmissions is confirmed by the respective devices.

[0040] Moreover, to ensure that messages transmitted can be interpreted by disparate devices, for example, devices that read either ASCII or EBCDIC, the receiver device 14 performs a conversion according to the BASE64CODE standard. To ensure that messages are transmitted without errors that typically arise over communication networks, the receiver device 14 also performs a cyclic redundancy check (“CRC”) on the message. When the message is received by the sender device 12, the sender device 12 similarly performs a CRC to ensure successful transmission and performs a BASE64DECODE for compatibility. When a sender device 12 confirms that the message contains no transmission errors, it transmits an acknowledgement (“ACK”) to the receiver device 14, thereby indicating that the next message, if any, can be transmitted. In the event of an error occurring during transmission, the sender device 12 transmits a negative acknowledgement (“NACK”) to the receiver device 14, and the message is retransmitted.

[0041] In a preferred embodiment of the present invention, each message to be transmitted using the security functionality of the present invention is translated into hexadecimal format before being parsed into fixed-length records. This is done, in part, because occasionally a null character string is interpreted as a terminating character indicating the end of a message. For example, the C programming language interprets a null character as an end of message directive. By translating messages into a hexadecimal format, an inadvertent null character string can be avoided.
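An added Python sketch (not from the patent) of the transport steps in [0039] through [0041]: the record is first written as hexadecimal so that no raw null byte reaches a C-style string routine, then Base64-encoded for ASCII/EBCDIC-safe transport, a CRC-32 is attached together with the identifying code of the originating device, and the receiving side answers ACK or NACK depending on whether the CRC checks out. The “|”-separated frame layout, the CRC-32 polynomial (zlib's) and a separate REJECT answer for a wrong origin code are this example's assumptions; the text names the steps but no wire format.

```python
import base64
import binascii
import zlib


def build_frame(payload: bytes, origin_code: str) -> str:
    """Frame one record for transport.

    Layout (assumed by this example): origin|base64(hex(payload))|crc32,
    with the CRC written as eight hex digits computed over the Base64 body.
    """
    if "|" in origin_code:
        raise ValueError("origin code must not contain the separator")
    hex_text = binascii.hexlify(payload).decode("ascii")   # no raw NUL survives this step
    body = base64.b64encode(hex_text.encode("ascii")).decode("ascii")
    crc = zlib.crc32(body.encode("ascii"))
    return f"{origin_code}|{body}|{crc:08x}"


def receive_frame(frame: str, expected_origin: str):
    """Verify a received frame.

    Returns ("ACK", payload) on success, ("NACK", None) when the CRC or the
    decoding fails (a transmission error: the peer should retransmit), or
    ("REJECT", None) when the frame is intact but carries the wrong origin code.
    """
    try:
        origin, body, crc_text = frame.split("|")
        crc_ok = zlib.crc32(body.encode("ascii")) == int(crc_text, 16)
    except ValueError:              # wrong field count, bad hex, non-ASCII body
        return "NACK", None
    if not crc_ok:
        return "NACK", None
    if origin != expected_origin:
        return "REJECT", None
    try:
        hex_text = base64.b64decode(body, validate=True).decode("ascii")
        payload = binascii.unhexlify(hex_text)
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return "NACK", None
    return "ACK", payload


def corrupt_body(frame: str) -> str:
    """Simulate a transmission error by changing the first character of the body."""
    origin, body, crc_text = frame.split("|")
    if not body:
        return frame
    flipped = ("A" if body[0] != "A" else "B") + body[1:]
    return f"{origin}|{flipped}|{crc_text}"


if __name__ == "__main__":
    frame = build_frame(b"ab\x00cd", "S12")           # constructed record containing a NUL byte
    print(frame)
    print(receive_frame(frame, "S12"))                # ('ACK', b'ab\x00cd')
    print(receive_frame(corrupt_body(frame), "S12"))  # ('NACK', None)
```

The CRC is checked before anything is decoded, so a damaged frame is answered with NACK without ever being handed to the Base64 or hex decoders; the origin code is checked only once the frame is known to be intact, since a corrupted origin field cannot be distinguished from a forged one until then.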

[0042] Thus, the security system of the present invention provides enhanced security and greater efficiency than prior art methods. An unscrupulous hacker who intercepts a message but does not have access to all of the number of records to be combined, the predefined page length and the contents of the data cache is unable to decrypt the message. Moreover, the system operates approximately 500 to 1,000 times faster than traditional prior art encryption methods, including SSL. This is due, in large part, to the extremely fast binary arithmetic operations performed for encrypting the data, coupled with the absence of security keys that, in prior art methods, are generated and passed between the respective devices.

[0043] In one embodiment of the present invention, an Internet web site, acting as a sender device 12 and employing the security modules of the present invention, transmits an arbitrary message to any receiver device 14 that accesses the web site and that is requesting a communication session. For example, a Joint Photographic Experts Group (“JPEG”) image file of the Statue of Liberty is transmitted to the receiver device 14 and is used to form the basis for encryption of messages sent between the respective devices. The arbitrary message, in this example, the image file, becomes the primary reference that is used by the two communicating devices to encrypt and decrypt messages transmitted there-between. The image file is also used to pad any message fragments required to comply with the fixed page length requirements defined by the sender device 12.

[0044] The processes and functions associated with receiving messages in accordance with the present invention are now described.

[0045] In accordance with the present invention, messages encrypted according to the foregoing rules are received by the sender device 12. Both the sender device 12 and the receiver device 14 use the stored cache data to encrypt and decrypt messages sent there-between. Therefore, after the sender device 12 receives a message encrypted via the security system of the present invention, the sender device 12 references a stored data cache that is identical to the data cache used by receiver device 14 to encrypt the existing message. The sender device 12 performs binary subtraction on the received encrypted message using the contents of the stored data cache to decrypt the message. If necessary, the sender device 12 removes any additional bytes that may have been added to the message by the receiver device 14 to pad the message in order to comply with the fixed page length requirement, as defined by the sender device 12. In this way, the sender device 12, knowing the fixed page length of the message and the contents of the data cache, can decipher the received message. Moreover, the sender device 12 that receives the encrypted message refers to an originating code therein to ensure that the message was delivered from the intended receiver device 14.

[0046] It is important to note that the sender device 12 and receiver device 14 may have communication sessions with thousands of different devices. In accordance with the present invention, a separate data cache is referenced by the sender device 12 and/or the receiver device 14 for each respective communicating device. When an encrypted message is received from a receiver device 14, the sender device 12 references the stored data cache for the respective receiver device 14 in order to decrypt the message, such that the sender device 12 will be able to decipher the message. Moreover, when a message is being encrypted by a receiver device 14, the receiver device 14 references the appropriate stored data cache for the respective sender device 12 in order to encrypt the message for the sender device 12.
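The chaining described in [0011] through [0014] and [0035], together with the per-peer caches of [0045] and [0046], as an added Python model that is not the patent's own code. Each endpoint keeps one cache per peer holding the most recent encrypted page exchanged with that peer (the abstract's “most recent message”); sending adds the plaintext page to the cache, receiving subtracts it, and both sides then replace the cache with the encrypted page. Treating a page as a big-endian integer is an assumption of this example. The last function shows why the ACK/NACK lockstep of [0040] matters to this design: if the receiving side misses one encrypted page, its cache falls out of step and the next page does not decrypt.

```python
class SecureEndpoint:
    """One device's security module: a fixed page length and one cache per peer."""

    def __init__(self, page_len: int):
        self.page_len = page_len
        self.caches = {}   # peer id -> most recent encrypted page exchanged with that peer

    def open_session(self, peer: str, reference: bytes) -> None:
        """Seed the cache for a peer with the shared initial reference
        (the random characters of the abstract or the arbitrary message of [0043])."""
        self._check(reference)
        self.caches[peer] = reference

    def encrypt_for(self, peer: str, page: bytes) -> bytes:
        self._check(page)
        encrypted = self._add(self.caches[peer], page)
        self.caches[peer] = encrypted     # the newest encrypted page keys the next one
        return encrypted

    def decrypt_from(self, peer: str, encrypted: bytes) -> bytes:
        self._check(encrypted)
        page = self._add(self.caches[peer], encrypted, subtract=True)
        self.caches[peer] = encrypted     # mirror the sender's cache update
        return page

    def _check(self, page: bytes) -> None:
        if len(page) != self.page_len:
            raise ValueError("page does not have the fixed page length")

    def _add(self, cache: bytes, page: bytes, subtract: bool = False) -> bytes:
        # fixed-width binary addition: the carry out of the top byte is discarded
        modulus = 256 ** self.page_len
        a = int.from_bytes(cache, "big")
        b = int.from_bytes(page, "big")
        total = (b - a) % modulus if subtract else (a + b) % modulus
        return total.to_bytes(self.page_len, "big")


def run_session(pages, reference: bytes, page_len: int):
    """Client encrypts each page for the host; the host decrypts in lockstep.
    Returns the pages the host recovered (equal to the input when in step)."""
    host, client = SecureEndpoint(page_len), SecureEndpoint(page_len)
    host.open_session("client-A", reference)
    client.open_session("host", reference)
    return [host.decrypt_from("client-A", client.encrypt_for("host", p)) for p in pages]


def missed_page_demo(pages, reference: bytes, page_len: int) -> bytes:
    """The host never sees the first encrypted page; returns what it makes of the second."""
    host, client = SecureEndpoint(page_len), SecureEndpoint(page_len)
    host.open_session("client-A", reference)
    client.open_session("host", reference)
    client.encrypt_for("host", pages[0])             # lost in transit, never NACKed or resent
    return host.decrypt_from("client-A", client.encrypt_for("host", pages[1]))


if __name__ == "__main__":
    ref = bytes(range(1, 9))                                    # constructed 8-byte reference
    pages = [b"PAGE-001", b"PAGE-002", b"PAGE-003"]
    print(run_session(pages, ref, 8) == pages)                  # True
    print(missed_page_demo(pages, ref, 8) == pages[1])          # False: caches out of step
```

Because the cache for a peer is replaced after every page in both directions of the bookkeeping, a single undetected loss desynchronises everything that follows; the retransmission rule in [0040] is therefore part of the correctness of the scheme, not only of its reliability.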

[0047] The multi-threading capabilities of the present invention operate as follows.

[0048] The security system of the present invention enables the use of a single IP address and communication port (referred to herein as a “socket”) connection between sender and receiver devices, and all messages sent between the respective devices are transmitted thereon. This represents a significant improvement over prior art security systems that require different sockets to be opened and closed for each message being transmitted. For example, when a user establishes a connection with a web page that comprises multiple objects (e.g., images, sounds, exterior page text, or the like) using web browser software, a communication and data session is established between the server and the browser software. Through this session, multiple sockets are opened in order to retrieve the multiple objects. If the user is connected to a secure web site, the security is maintained in all of the socket connections during the communication and data session until the session between the browser and the web server ends, for example by the web browser or server terminating the session, inactivity resulting in a “time out,” or until the user establishes a connection to an otherwise unsecured web site. In such case where the browser attempts to connect to an unsecured web site during an active and secured session, a message is preferably displayed indicating that secure and non-secure items are being downloaded simultaneously.

[0049] In accordance with the present invention, all encrypted messages are transmitted between a sender device 12 and receiver device 14 over a single communication socket. This is accomplished by the security modules employed on the respective devices. Specifically, each message that is transmitted between the devices during a single communication session is encrypted, including, for example, by appending data thereto from cached pages, as described herein. A single socket is opened on the sender device 12, for example, an HTTP server, and is used for transmitting all content between the devices during the single communication session. The sockets required for any additional objects (e.g., images, sound files, and the like) are also opened by the sender device 12, but all messages, including the additional objects, that are transmitted between the sender device 12 and receiver device 14 are delivered over the single socket connection, and managed by the security system of the present invention.

[0050] In addition to a single communication session between a single sender device 12 and a single receiver device 14, the present invention supports multi-threading of concurrent communication sessions. The multi-threading capability of the present invention supports a plurality of concurrent secure communication sessions simultaneously. A receiver device 14 establishes a communication session with sender device 12 over a single processing thread. As additional receiver devices 14 establish communication sessions with sender device 12, new processing threads are spawned to support each communication session. Methods of multi-threading multiple communication sessions between a plurality of systems are well known by those skilled in the art.

[0051] In addition to the multi-threading capabilities of the present invention, the present invention preferably supports multi-document transmissions using a single communication thread between one sender device 12 and one receiver device 14. The multi-document capability of the present invention enables the respective communicating devices to send different documents simultaneously within a single message.

[0052] For example, sending device 12 transmits three separate documents, Document 1, Document 2 and Document 3, to receiving device 14. Document 1 is 1,024 bytes long and is transmitted in sixteen records, each comprising 64 bytes; Document 2 is also 1,024 bytes long and is also transmitted in sixteen records of 64 bytes; and Document 3 is 2,048 bytes and is transmitted in thirty-two records, where each record is 64 bytes long. In accordance with the present invention, and as described herein, each document (1, 2 and 3) is parsed into records comprising 64 bytes in length. However, instead of transmitting all sixteen records comprising Document 1, then all sixteen records comprising Document 2 and then the thirty-two records comprising Document 3 sequentially, the 64 byte records transmitted together include portions of Document 1, Document 2 and Document 3. Further to this example, ten 64 byte records are preferably transmitted between the respective devices at a time, and the first three records include a portion of Document 1, the second three records include a portion of Document 2, and the last four records include a portion of Document 3. Preferably, identifying information is included in the transmission that informs the receiver device 14 which document each record belongs to. After the receiver device 14 acknowledges a successful reception, receiver device 14 combines the received records into a cache and sender device 12 proceeds to transmit the next three records, including a portion of Document 1, the next three records, including a portion of Document 2, and the next four records, including a portion of Document 3, to receiver device 14. This process continues until Document 1 and Document 2 have been fully transmitted. Since, in this example, Document 3 is twice as large as Documents 1 and 2, the remainder of Document 3 is transmitted as in a single document transmission, described above.
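The record interleaving of [0052], as an added Python example (not the patent's code) that generalises the 3/3/4 schedule: a plan lists how many records each document contributes per group of ten, every record is tagged with its document number and sequence so that the receiving side can associate it with the right document, and once only one document has data left it is sent in plain groups, as the text says for the remainder of Document 3. Zero-padding of a short last record and the receiving side knowing each document's length are assumptions of this example.

```python
from collections import deque


def to_records(doc: bytes, record_len: int):
    """Cut a document into record_len pieces; a short last piece is
    zero-padded (the pad choice is this example's, not the text's)."""
    recs = [doc[i:i + record_len] for i in range(0, len(doc), record_len)]
    if recs and len(recs[-1]) < record_len:
        recs[-1] = recs[-1].ljust(record_len, b"\x00")
    return recs


def interleave(docs: dict, record_len: int, plan, group_size: int):
    """Build the transmission groups.

    docs: {doc_id: bytes}; plan: [(doc_id, records_per_group), ...].
    Each group is a list of (doc_id, seq, record) tuples. While several
    documents still have data, each group follows the plan; when a single
    document remains, it fills groups of up to group_size on its own.
    """
    if any(n < 1 for _, n in plan) or sum(n for _, n in plan) > group_size:
        raise ValueError("plan counts must be positive and fit the group size")
    if set(docs) - {d for d, _ in plan}:
        raise ValueError("every document needs a slot in the plan")
    queues = {d: deque(enumerate(to_records(b, record_len))) for d, b in docs.items()}
    groups = []
    while any(queues.values()):
        remaining = [d for d, q in queues.items() if q]
        group = []
        if len(remaining) == 1:                       # single document transmission
            q = queues[remaining[0]]
            while q and len(group) < group_size:
                seq, rec = q.popleft()
                group.append((remaining[0], seq, rec))
        else:                                          # interleaved per the plan
            for doc_id, count in plan:
                q = queues[doc_id]
                for _ in range(min(count, len(q))):
                    seq, rec = q.popleft()
                    group.append((doc_id, seq, rec))
        groups.append(group)
    return groups


def reassemble(groups, lengths: dict) -> dict:
    """Receiving side: sort records into documents by tag, check that none
    is missing, concatenate in sequence order and trim to the known length."""
    parts = {}
    for group in groups:
        for doc_id, seq, rec in group:
            parts.setdefault(doc_id, {})[seq] = rec
    out = {}
    for doc_id, recs in parts.items():
        if set(recs) != set(range(len(recs))):
            raise ValueError(f"document {doc_id}: missing record(s)")
        data = b"".join(recs[i] for i in range(len(recs)))
        out[doc_id] = data[:lengths[doc_id]]
    return out


if __name__ == "__main__":
    # constructed documents matching the text: 1,024, 1,024 and 2,048 bytes
    docs = {1: bytes(range(256)) * 4, 2: b"B" * 1024, 3: b"C" * 2048}
    groups = interleave(docs, 64, [(1, 3), (2, 3), (3, 4)], 10)
    print([len(g) for g in groups])                       # [10, 10, 10, 10, 10, 6, 8]
    print([d for d, _, _ in groups[0]])                   # [1, 1, 1, 2, 2, 2, 3, 3, 3, 3]
```

With the text's sizes the first five groups carry ten records each, the sixth carries the last record of Documents 1 and 2 plus four of Document 3, and the seventh carries the remaining eight records of Document 3 alone; reassemble refuses a document with a gap in its sequence numbers rather than silently concatenating around it.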

[0053] In addition to the multi-threading and multi-document capabilities described above, the present invention further affords a bi-directional capability for secure transmissions between the sender device 12 and receiver device 14. In short, the bi-directional capabilities include a way for the sender device 12 to transmit information to receiver device 14 and for receiver device 14 to send information to sender device 12 securely and simultaneously.

[0054] For example, sender device 12 initiates a communication with receiver device 14 to transmit a document that is 2,048 bytes in length. Moreover, receiver device 14 desires to transmit to sender device 12 a document that is 1,024 bytes in length. The present invention affords a simultaneous transmission of the two documents between the two respective devices. Further to this example, as sender device 12 transmits the first portion of its document to receiver device 14, the receiver device 14 acknowledges reception of the first portion of the document sent by sender device 12 and further indicates that it has a document of its own to transmit. In response, sender device 12 directs the receiver device 14 to use a portion of the records being transmitted between the two devices. In this example, for a transmission comprising ten records, sending device 12 populates records 1, 4, 6, 7, 8 and 10 with the document that the sending device 12 is transmitting, and receiver device 14 populates records 2, 3, 5 and 9 with a portion of the document that receiver device 14 is transmitting. This process continues until at least one of the documents is completely transmitted. If any portion of a document to be transmitted remains, then the respective device transmits the remainder of its document as in a single document transmission, described above.

[0055] An example of the secure communication process implementing the security modules is now described with reference to the high-level flow chart depicted in FIG. 3.

[0056] Referring now to the send message process, initially a message is sent from the requesting device (i.e., receiver device 14) and received by the sender device 12 (step S110). In step S112, the security system 10 determines whether previous communications between the sender device 12 and receiver device 14 have ever occurred. If no prior communications have occurred between the respective devices, then, in step S114, the security system 10 initializes a communication process. The sender device 12 determines whether the receiver system 14 employs the security system 10 of the present invention, and, therefore, whether the receiver device 14 is able to support the secure communication processes described herein. In the event that the receiver system 14 does not employ the security system 10, then the process branches to step S122 and the sender device 12 passes the message on without any encryption algorithms employed on the message.

[0057] In the event that the receiver system does employ the security system of the present invention, a secure communication process is initiated and the encryption algorithms of the present invention are used (step S118). The process branches to step S120, and a secure message send loop process is initialized and implemented for the message. Messages sent between the receiver device 14 and the sender device 12 are secured in accordance with the present invention (step S122).

[0058] Referring now to the receive message process of the present invention (FIG. 3), a message is received by the receiver device 14 from the sender device 12 (step S111). Similar to the send message process, the receiver device 14 checks whether prior communications have occurred between the respective devices (step S124). In the event that the received message represents the first communication between the two devices, since this is a receive message process, the message is automatically read (step S126). In the event that the message does not represent the first communication between the two, then the receiver device 14 proceeds to decrypt the message (step S128) in accordance with the processes described herein.

[0059] By way of example, FIGS. 4A-4C show a flow chart identifying in greater detail the preferred steps of the send message process of the present invention. In the flow chart shown in FIGS. 4A-4C, a receiver device 14 is transmitting a message to the sender device 12.

[0060] In step S200 (FIG. 4A), the receiver device 14 generates a message, denoted as “M,” for transmission to the sender device 12. In step S202, the receiver device 14 determines whether an active communication session exists between the respective communicating devices. If no session exists, then the process branches to step S204 wherein the receiver device 14 transmits information to initiate a communication session with the sender device 12 and, in step S206, waits for an ACK and a system identification code to be received from the sender device 12. In step S208, the receiver device 14 determines whether previous communications have occurred between the respective devices, and if not, then, in step S210, the contents of the preliminary communication are stored in a data cache. If previous communications have occurred between the respective devices, then the receiver device 14 references a stored data cache for the current communication (not shown).

[0061] If, in step S202, the receiver device 14 determines that an open communication session exists with the sender device 12, then the process branches to step S212. Similarly, after the receiver device 14 stores the contents of the preliminary communication in the data cache (step S210), the process branches to step S212. Also, if the receiver device 14 determines, in step S208, that previous communications have occurred between the respective devices, then the process branches to step S212.

[0062] In step S212, the receiver device 14 initializes three variables: MessNo (representing an index of the combined records being sent) is set to 0, MessEnd (representing the end of the message) is set to false, and TempPageSpac (an index used for combining records prior to transmission) is set to 0.

[0063] From step S212, the process branches to step S214, wherein a determination is made regarding the length of the message M. As noted above, messages transmitted according to the present invention are parsed into records having an assigned fixed page length (denoted in the example in FIG. 4A as “PS”) based on parameters including a minimum page size and a maximum page size defined by the sender device 12. In the example shown in FIG. 4A, the maximum page length is defined as 1028, and the minimum page length is defined as 64. Also in FIG. 4A, the receiver device 14 determines, in step S214, whether to use the maximum or minimum page length by referencing the length of message M. In the example shown in FIG. 4A, in the event the length of the message M is greater than 1028 bytes, then the system branches to step S216 where the variable PS is assigned a value of 1028. In the event the length of message M is less than 1028, then the system branches to step S218 and defines PS to equal 64. Thereafter, the process branches to step S220 wherein the last summation stored in the data cache, preferably an XML repository, is retrieved and stored in a variable, denoted herein as “LS”.

[0064] As noted above, the present invention preferably parses a message into records having a fixed page length, and after encrypting each record, the receiver device 14 transmits a predefined number of combined records to the sender device 12. From step S220, the process branches to step S222 (FIG. 4B) and a variable, messcount (representing the number of messages to be transmitted), is assigned a value of 0.

[0065] Thereafter, the process branches to step S224, and a looping mechanism is invoked. Within the loop, the process branches to step S226, and a determination is made whether the length of message M is greater than the value of the variable PS. In the event that the length of message M is greater than the predefined page length, PS, then the process branches to step S228 and prepares a record to be transmitted to the sender device 12. The record is created from the original message by extracting PS bytes from the message M, denoted in FIG. 4B as R=M−(length[M]−PS). Thereafter, the message, M, is modified by removing the bytes comprising the record, denoted in FIG. 4B as M=M−R. After the system 10 has generated a record to be sent to the sender device 12, the process branches to step S230 and the record is stored in a message queue to be combined with other records prior to transmission.

[0066] In the event that the length of message M is not greater than the defined page length, PS, a determination is made in step S232 whether the length of message M is less than the value of PS. If the length of message M is less than the value of PS, then the process branches to step S234 wherein the message M is concatenated with random characters, for example a JPEG image of the Statue of Liberty, in order to reach the fixed page length (PS). From there, the process branches to step S236, the message is marked as being complete (MessEnd=True), and the temporary message queue is emptied of the message.

[0067] Thereafter, the process branches to step S238, where the record is encrypted and prepared for transmission. Specifically, the record is encrypted by adding the last summation, LS, to the record, preferably by using the binary addition process described above, and BASE64CODE and CRC coding, also described above, are performed on the record R for compatibility with disparate devices and, further, to ensure successful transmission.

[0068] From step S238, the process branches to step S240 (FIG. 4C) where the variables MessNo and TempPageSpac, initialized in step S204 (FIG. 4A), are incremented by a value of one. Thereafter, the process branches to step S242 wherein a plurality of information is transmitted. For example, as shown in step S242, the variables MessNo and MessEnd, the system IDs of the sender device 12 and receiver device 14, and the record are transmitted. The process branches to step S244 wherein the process loops back (S224) to continue transmissions, provided there are additional records and/or messages to be transmitted. In step S246, a determination is made whether the variable messcount (a temporary variable representing the number of messages to be sent) is equal to 0. If the variable messcount is equal to 0, then the process branches to step S248 where a determination is made whether the value represented by the variable MessNo is less than the value represented by the variable tempbuksize (a temporary variable representing the number of records to transmit at a time). If not, then the process branches to step S250 and a transmission of the records occurs. If the system 10 determines in step S248 that the value of the variable MessNo is less than the value of the variable tempbuksize, then the process branches to step S252 and the data cache, LS, is updated with the combined records.

[0069] From step S252, the process branches to step S254, directed to bidirectional transmissions. If, in step S254, a determination is made that the transmission is bi-directional and includes documents being transmitted from both the sending device 12 and receiving device 14, a variable, DIRFLAG, is assigned a value to indicate the bi-directional transmission. Alternatively, if the transmission includes one-way communications (e.g., from sender device 12 to receiver device 14), then the variable DIRFLAG is assigned a value of receiving only.

[0070] If, in step S246, the sender device 14 determines that the value of the messcount variable is not equal to 0, then, in step S256, a determination is made whether the value of the variable MessNo is less than the value of the variable tempbuksize. If so, the process, in step S258, repeats. Alternatively, if the value of the variable MessNo is not less than the value of tempbuksize, then the process branches to step S262 wherein each record being transmitted to sender device 12 is combined in the data cache, LS, and stored therein. Thereafter, the process branches to step S264 and an ACK is awaited to ensure successful transmission. When received, the process branches to step S266 and the system loops back to step S262 for the next message.

[0071] This set of instructions (modifying the last summation, clearing the temporary storage of messages to be transmitted (Bukstorage) and updating the XML repository with the last summation) is repeated for each set of records to be transmitted to the sender device 12. When the process determines that the end of the message has been reached, MessEnd equals true, and the entire message has been transmitted securely using the methods described herein.

[0072] FIG. 5 shows in greater detail the processes associated with the receiver device 14 in accordance with the present invention.

[0073] In step S300 (FIG. 5), the sender device 12 receives a message from the receiver device 14, preferably formatted as an XML message, and including a plurality of parameters, including the combined records index (MessNo), the message end value (MessEnd), the sender device 12 (UID(A)), the receiver device 14 (UID(B)) and the record (R). The sender device 12 receives enough information from the receiver device 14 to decrypt the message.

[0074] From step S300, the process branches to step S302 wherein a determination is made whether the sender device 12 encountered an error while receiving the data. In the event that no error was encountered, then, in step S304, the receiver device 14 transmits an ACK. After the ACK is received, if additional messages remain to be transmitted, then the process continues and additional messages are transmitted. Alternatively, if the receiver device receives a NACK, then the particular message that was previously transmitted is retransmitted. In the event that no ACK is received during transmission, then the process branches to step S306 wherein a determination is made whether the message being decrypted is the first of a group of messages. In the event that the sender device 12 has received an initial message, then the process branches to step S308 wherein the sender device 12 sends an ACK to the receiver device 14, and a determination is made in step S310 whether previous communications exist with the receiver device 14.

[0075] In the event that this is the initial message, then the process branches to a step wherein an ACK is transmitted and a determination is made whether this is an initial communication between the respective devices. If this is an initial communication, then the message is saved in a data cache (a summation database) in step S312. If this is not an initial communication with the respective sending device 12, then the initial records of the message are transmitted.

[0076] If, in step S306, the receiver device 14 determines this is not the initial message passed between the respective devices, then the process branches to step S314 and the record, R, is saved in a temporary storage area (Bukstorage) along with the identifier of the message being transmitted (MessID). Thereafter, the variable MessNo is set to a value. The variable MessNo is directed to the number of messages that are being transmitted between the respective devices. Moreover, a directory flag (Dirfl) is assigned a value as to whether this is a bidirectional communication or solely a unidirectional one in which the receiver device 14 is only receiving messages.

[0077] From step S314, the process branches to step S316 where the appropriate last summation (LS) for the respective sender device 12 is retrieved from the data cache and the record that is received during the transmission is decoded, preferably by applying binary arithmetic as described above.

[0078] From step S316, the process branches to step S318 wherein a determination is made whether TempPageSpac is equal to PageSpac. As noted above, TempPageSpac represents an index used for combining records prior to transmission, and PageSpac represents the records comprising the remainder of the message that have yet to be transmitted. If so, then the process branches to step S320 wherein an ACK is transmitted to the receiver device 14. The process branches from step S320 to step S322 wherein the data cache is updated with the most recent records. Alternatively, if in step S318 the receiver device 14 determines that TempPageSpac does not equal PageSpac, then, in step S324, the receiver device 14 waits. In the preferred embodiment of the present invention, the receiver device waits via a looping mechanism for additional records to be transmitted thereto. Once the complete message has been transmitted, for example, by combining fixed length records, then an ACK is transmitted and the receiver device compresses the records into one summation, stores the compressed records in a memory, for example, a data cache, and waits for the next transmission.

[0079] Thus, using the receive loop process described above, the sender device 12 receives secure messages from the receiver device 14, and further maintains a current data cache identifying all the communications between the respective parties. Moreover, the sender device 12 and receiver device 14 maintain concurrent representations of the last summations, and thereby encode and decode messages between the two devices such that the security mechanisms employed increase in effectiveness over time.
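The send loop of FIGS. 4A-4C (page-size selection in S214, record extraction in S228, padding in S234, LS addition with Base64 and CRC in S238, replacing LS with the combined records in S252/S262) and the receive loop of FIG. 5 (CRC check, binary subtraction of LS in S316, updating the cache in S322) are the same state machine seen from both ends, and the point of [0079] is that both devices must advance their LS in lock step. The Python below is an added, constructed round trip of that state machine written for this page, not the patent's own code. The 'binary addition' and the 'combining' of records are defined earlier in the patent, not here, so the example assumes byte-wise addition modulo 256 with LS repeated cyclically, and plain concatenation of the transmitted records, respectively; the 1028/64 page lengths come from FIG. 4A, while TEMPBUKSIZE, FILLER, INITIAL_LS and the transmission tuple layout are assumed values.

```python
"""Round trip of the send loop (FIGS. 4A-4C) and receive loop (FIG. 5).
Constructed illustration, not the patent's code. ASSUMED, because the patent
defines them elsewhere: 'binary addition' = byte-wise addition mod 256 with LS
cycled; 'combining' = concatenation of the records actually transmitted."""
import base64
import binascii

MIN_PAGE = 64
MAX_PAGE = 1028                                      # page lengths used in FIG. 4A
TEMPBUKSIZE = 4                                      # records per transmission (assumed value)
FILLER = b"\xff\xd8\xff"                             # stand-in for the random padding (constructed)
INITIAL_LS = b"constructed initial random summation" # the "random characters" of the first message


def choose_page_size(message: bytes) -> int:
    """Step S214: the large page when M exceeds MAX_PAGE bytes, otherwise the small one."""
    return MAX_PAGE if len(message) > MAX_PAGE else MIN_PAGE


def add_ls(record: bytes, ls: bytes) -> bytes:
    """Assumed 'binary addition' of the last summation LS to a record (claim 12)."""
    return bytes((b + ls[i % len(ls)]) & 0xFF for i, b in enumerate(record))


def sub_ls(record: bytes, ls: bytes) -> bytes:
    """Inverse of add_ls: 'binary subtraction' (claim 13)."""
    return bytes((b - ls[i % len(ls)]) & 0xFF for i, b in enumerate(record))


def encode_record(record: bytes, ls: bytes) -> bytes:
    """Step S238: encrypt with LS, then Base64 plus a CRC for transport (not authentication)."""
    body = base64.b64encode(add_ls(record, ls))
    return body + b":" + b"%08x" % (binascii.crc32(body) & 0xFFFFFFFF)


def crc_ok(wire: bytes) -> bool:
    """Step S302: a CRC mismatch is a reception error and leads to a NACK/retransmit."""
    body, crc_hex = wire.rsplit(b":", 1)
    return (binascii.crc32(body) & 0xFFFFFFFF) == int(crc_hex, 16)


def decode_record(wire: bytes, ls: bytes) -> bytes:
    """Step S316: check the CRC, undo Base64, subtract the LS the sender used."""
    if not crc_ok(wire):
        raise ValueError("CRC mismatch: record must be retransmitted")
    return sub_ls(base64.b64decode(wire.rsplit(b":", 1)[0]), ls)


def send(message: bytes, ls: bytes) -> tuple:
    """Send loop: split M into PS-byte records, pad the last one to PS, encrypt each with
    the current LS, group TEMPBUKSIZE records per transmission, then make the combined
    records the new LS (steps S252/S262). Each transmission is a list of
    (MessNo, MessEnd, wire) tuples; the device IDs of S242 are omitted for brevity."""
    ps = choose_page_size(message)
    m, transmissions, batch, mess_no, mess_end = message, [], [], 0, False
    while not mess_end:
        if len(m) > ps:                              # S226/S228: R = first PS bytes, M = M - R
            r, m = m[:ps], m[ps:]
        else:                                        # S232/S234: pad the final record to PS
            r = (m + FILLER * ps)[:ps]
            mess_end = True                          # S236: MessEnd = True
        mess_no += 1
        batch.append((mess_no, mess_end, encode_record(r, ls)))
        if len(batch) == TEMPBUKSIZE or mess_end:    # S248: tempbuksize reached (or message done)
            transmissions.append(batch)
            ls = b"".join(wire for _, _, wire in batch)   # combined records become the new LS
            batch, mess_no = [], 0
    return transmissions, ls


def receive(transmissions: list, ls: bytes) -> tuple:
    """Receive loop (FIG. 5): decode each record with the LS the sender used, then update
    LS with the same combined records so both devices keep concurrent summations.
    Returns (padded plaintext, ls); the padding length is not carried on the wire."""
    plain = b""
    for batch in transmissions:
        for _mess_no, _mess_end, wire in batch:
            plain += decode_record(wire, ls)
        ls = b"".join(wire for _, _, wire in batch)  # S322: cache updated with the records
    return plain, ls


def roundtrip(messages: list, ls0: bytes = INITIAL_LS) -> list:
    """Send several messages in turn; each is keyed by the previous transmission."""
    ls_send = ls_recv = ls0
    received = []
    for msg in messages:
        transmissions, ls_send = send(msg, ls_send)
        plain, ls_recv = receive(transmissions, ls_recv)
        assert ls_send == ls_recv                    # both sides stay in step ([0079])
        received.append(plain)
    return received
```

Two properties worth checking with this model: a device whose LS has drifted (a lost transmission, or a cache restored from an older copy) recovers only garbage, which is why the ACK/NACK handling of S264 and S304 is part of the security mechanism rather than mere transport; and the CRC detects transmission errors only, so it is computed over the Base64 body and says nothing about whether the record came from the expected peer.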

[0080] It is important to note that the present invention does not inhibit or restrict other security mechanisms or load balancing mechanisms that may be in place over communication networks. Provided the security module system 10 is installed on the respective sending and receiving devices, the encoding and decoding mechanisms described above can be employed without affecting the platforms on which the mechanisms operate.

[0081] Although the present invention has been described in relation to particular embodiments thereof, many other variations and modifications and other uses will become apparent to those skilled in the art. Therefore, the present invention should not be limited by the specific disclosure herein.

What is claimed:
 1. A method for securing a message communicated between a first device and a second device, said method comprising: receiving encoding information from said first device, said encoding information transmitted to said second device in response to a request from said second device to communicate a first message to said first device; encrypting said first message with said encoding information and storing said encrypted first message in a first memory; transmitting said encrypted first message to said first device by said second device; receiving said encrypted first message from said second device by said first device, decrypting said encrypted first message with said encoding information, and storing said encrypted first message in a second memory; generating a second message by said second device, and encrypting said second message with said encrypted first message stored in said first memory; transmitting said encrypted second message to said first device by said second device; and decrypting said encrypted second message by said first device with said first encrypted message stored in said second memory.
 2. The method of claim 1, further comprising receiving parameters from said first device directed to encrypting said first message and said second message.
 3. The method of claim 2, wherein said parameters include a small page length value, a large page length value and a combined records value.
 4. The method of claim 3, further comprising determining a record page length value by said second device based on one of said small page length value and said large page length value after evaluating the size of a message to be transmitted by said second device to said first device.
 5. The method of claim 4, further comprising splitting at least part of a message by said second device into at least one record having a size equal to said record page length value, and encrypting said at least one record with at least one of said encoding information and said encrypted first message.
 6. The method of claim 5, further comprising padding said at least one record with random bytes when said record is not as large as said record page length value.
 7. The method of claim 5, further comprising repeating said step of splitting said message into at least one record and said step of encrypting said at least one record, a number of times equal to said combined records value, and combining said encrypted records by said second device prior to transmitting said combined records to said first device.
 8. The method of claim 7, further comprising repeating said steps of splitting a message into records, encrypting said records, combining said records and transmitting said combined records until said message is completely transmitted to said first device.
 9. The method of claim 7, further comprising performing a cyclic redundancy check and Base64Coding on said combined records prior to transmitting said combined records to said first device.
 10. The method of claim 7, further comprising receiving said combined records by said first device from said second device and decrypting said combined records.
 11. The method of claim 10, further comprising repeating said steps of receiving said combined records, decrypting said combined records, and continuing said steps of receiving said combined records and decrypting said combined records until said message from said second device is fully received and decrypted.
 12. The method of claim 1, wherein said step of encrypting said first and said second message is performed with binary addition.
 13. The method of claim 1, wherein said step of decrypting said first message and said second message is performed with binary subtraction.
 14. The method of claim 1, further comprising including a code representing said second device by said second device in said first encrypted message and said second encrypted message.
 15. A method for securing a message, said method comprising: generating a first message; receiving encoding information, said encoding information transmitted in response to a request to communicate said first message; encrypting said first message with said encoding information and storing said encrypted first message in a first memory; transmitting said encrypted first message; generating a second message, and encrypting said second message with said encrypted first message stored in said first memory; and transmitting said encrypted second.
 16. A system for securing a message, said system comprising: a first device, said first device receiving encoding information from a second device, said encoding information transmitted to said first device in response to a request from said first device to communicate a first message to said second device; an encryption module, said encryption module encrypting said first message with said encoding information; a storage module, said storage module storing said encrypted first message in a first memory; a transmission module, said transmission module transmitting said encrypted first message from said first device to said second device; a reception module, said reception module receiving said encrypted first message by said second device from said first device; a decryption module, said decryption module decrypting said encrypted first message with said encoding information, said storage module storing said encrypted first message in a second memory; said first device generating a second message, said encryption module encrypting said second message with said encrypted first message stored in said first memory; said transmission module transmitting said encrypted second message to said second device; and said decryption module decrypting said encrypted second message by said second device with said first encrypted message stored in said second memory.
 17. The system of claim 16, wherein said second device further transmits parameters directed to encrypting said first message and said second message.
 18. The system of claim 17, wherein said parameters include a small page length value, a large page length value and a combined records value.
 19. The system of claim 17, said first device further comprising a facility that determines a record page length value based on one of said small page length value and said large page length value after evaluating the size of a message to be transmitted by said transmission module.
 20. The system of claim 19, further comprising a parsing module, said parsing module splitting at least part of a message into a record having a size equal to said record page length value.
 21. The system of claim 20, wherein said encryption module encrypts said record with at least one of said encoding information and said encrypted first message.
 22. The system of claim 20, wherein said parsing module splits said message into at least two records.
 23. The system of claim 22, further comprising a combining module, said combining module combining said encrypted records.
 24. The system of claim 22, wherein said parsing module, said encryption module, said combining module and said transmission module repeat said steps of splitting a message into records, encrypting said records, combining said records and transmitting said combined records until said message is completely transmitted to said first device.
 25. The system of claim 24, wherein said parsing module, said decryption module, said combining module and said transmission module repeat said steps of receiving said combined records, decrypting said combined records, until said message from said second device is fully received and decrypted.